LinuxQuestions.org
Old 06-18-2015, 09:26 AM   #1
JockVSJock
Senior Member
 
Registered: Jan 2004
Location: DC
Distribution: RHEL/CentOS
Posts: 1,386
Blog Entries: 4

Where does RH-Firewall-1-INPUT fall into the scheme of things with IPTables


For RHEL IPTables, I'm trying to understand how RH-Firewall-1-INPUT works with the other chains of input, output and forward.

Found some info online that it is a user-defined custom chain that is used by input, output and forward chains, however that was vague and I'm not sure how it really works with the other chains in IPTables.

Was wondering if others had insight or could point me in the right direction.

thanks
 
Old 06-18-2015, 12:14 PM   #2
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

This is a STUPID thing RH did trying to be clever. I wipe their settings every time and recreate the rules as I see fit.
 
Old 06-19-2015, 05:18 AM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 7.7 (?), Centos 8.1
Posts: 17,847

The key phrase is
Quote:
user-defined custom chain
You can add your own chains and jump to them from the std chains when a given condition is matched.

HTH
 
Old 06-19-2015, 05:43 AM   #4
JockVSJock
Senior Member
 
Registered: Jan 2004
Location: DC
Distribution: RHEL/CentOS
Posts: 1,386

Original Poster
Blog Entries: 4

Quote:
Originally Posted by chrism01
The key phrase is

You can add your own chains and jump to them from the std chains when a given condition is matched.

HTH
I'm not clear on how adding in your own custom rules for, say, INPUT and OUTPUT differs from RH-Firewall-1-INPUT.

Do you have an example where it jumps from INPUT/OUTPUT to RH-Firewall-1-INPUT?
 
Old 06-19-2015, 05:50 AM   #5
JockVSJock
Senior Member
 
Registered: Jan 2004
Location: DC
Distribution: RHEL/CentOS
Posts: 1,386

Original Poster
Blog Entries: 4

Found the following example online:

Code:
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
I'm new to IPTables, so it seems odd to jump from one rule to another rule.

Also, it seems as of RHEL v6, this is dropped.
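
Added example (not part of the original thread): a small Python model of how the filter table walks the two jump rules quoted above. The ruleset is constructed and uses simplified iptables-save syntax; the `FORWARD DROP` policy, the three rules inside the chain and the names `parse`, `walk` and `filter_packet` are assumptions made for illustration. It shows that the user-defined chain has no policy of its own: a packet that matches nothing in it returns to the calling built-in chain, whose policy then decides.

```python
# Constructed ruleset in simplified iptables-save syntax (not from a real host).
RULESET = """\
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 23 -j REJECT
"""
VERDICTS = {"ACCEPT", "DROP", "REJECT"}
FIELDS = {"-i": "iif", "-p": "proto", "--dport": "dport"}

def parse(text):
    """Built-in chains carry a policy; user-defined chains show '-'."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if tok[0].startswith(":"):
            policies[tok[0][1:]], chains[tok[0][1:]] = tok[1], []
        elif tok[0] == "-A":
            opts = dict(zip(tok[2::2], tok[3::2]))   # option/value pairs
            target = opts.pop("-j")
            chains[tok[1]].append(({FIELDS[k]: v for k, v in opts.items()}, target))
    return policies, chains

def walk(chains, chain, pkt, trace):
    """Walk one chain; None means the end was reached (implicit RETURN)."""
    for match, target in chains[chain]:
        if any(str(pkt.get(k)) != v for k, v in match.items()):
            continue                                  # rule does not match
        trace.append(f"{chain} -> {target}")
        if target in VERDICTS:
            return target
        if target == "RETURN":
            return None
        verdict = walk(chains, target, pkt, trace)    # jump into user chain
        if verdict:
            return verdict
    return None

def filter_packet(hook, pkt):
    """hook is the built-in chain the packet enters: INPUT or FORWARD."""
    policies, chains = parse(RULESET)
    trace = []
    return walk(chains, hook, pkt, trace) or policies[hook], trace

if __name__ == "__main__":
    for hook in ("INPUT", "FORWARD"):
        print(hook, filter_packet(hook, {"iif": "eth0", "proto": "udp", "dport": 53}))
```

The same unmatched UDP packet is accepted on INPUT and dropped on FORWARD here, because only the built-in chain's policy differs; the shared chain contributes identical rules to both paths.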
 
Old 06-19-2015, 11:19 AM   #6
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

These are chains that are not needed. As stated before, RH was trying to be clever. Anything in RH-FIREWALL-1-INPUT can be moved to the INPUT chain without issues. Same for RH-FORWARD-1-INPUT, which can be moved to the FORWARD chain.

They dropped this in v6 because behind closed doors they realized it was stupid too.

Wait until you jump to v7 where they use a totally different firewall. Now you are going to have fun. But you can disable this one too and install iptables, as I have done.
 

Tags
iptables, rh-firewall-1-input, rhel

